Fix bugs

Author: lunny

models/repo/transfer.go

@@ -68,6 +68,7 @@ type RepoTransfer struct { //nolint
 	RecipientID int64
 	Recipient   *user_model.User `xorm:"-"`
 	RepoID      int64
+	Repo        *Repository `xorm:"-"`
 	TeamIDs     []int64
 	Teams       []*organization.Team `xorm:"-"`
 
@@ -79,48 +80,65 @@ func init() {
 	db.RegisterModel(new(RepoTransfer))
 }
 
-// LoadAttributes fetches the transfer recipient from the database
-func (r *RepoTransfer) LoadAttributes(ctx context.Context) error {
+func (r *RepoTransfer) LoadRecipient(ctx context.Context) error {
 	if r.Recipient == nil {
 		u, err := user_model.GetUserByID(ctx, r.RecipientID)
 		if err != nil {
 			return err
 		}
-
 		r.Recipient = u
 	}
 
-	if r.Recipient.IsOrganization() && len(r.TeamIDs) != len(r.Teams) {
-		for _, v := range r.TeamIDs {
-			team, err := organization.GetTeamByID(ctx, v)
-			if err != nil {
-				return err
-			}
+	return nil
+}
 
-			if team.OrgID != r.Recipient.ID {
-				return fmt.Errorf("team %d belongs not to org %d", v, r.Recipient.ID)
-			}
+func (r *RepoTransfer) LoadRepo(ctx context.Context) error {
+	if r.Repo == nil {
+		repo, err := GetRepositoryByID(ctx, r.RepoID)
+		if err != nil {
+			return err
+		}
+		r.Repo = repo
+	}
+
+	return nil
+}
+
+// LoadAttributes fetches the transfer recipient from the database
+func (r *RepoTransfer) LoadAttributes(ctx context.Context) error {
+	if err := r.LoadRecipient(ctx); err != nil {
+		return err
+	}
 
+	if r.Recipient.IsOrganization() && r.Teams == nil {
+		teamsMap, err := organization.GetTeamsByIDs(ctx, r.TeamIDs)
+		if err != nil {
+			return err
+		}
+		for _, team := range teamsMap {
 			r.Teams = append(r.Teams, team)
 		}
 	}
 
+	if err := r.LoadRepo(ctx); err != nil {
+		return err
+	}
+
 	if r.Doer == nil {
 		u, err := user_model.GetUserByID(ctx, r.DoerID)
 		if err != nil {
 			return err
 		}
-
 		r.Doer = u
 	}
 
 	return nil
 }
 
-// CanUserAcceptOrRejectTransfer checks if the user has the rights to accept/decline a repo transfer.
+// CanUserAcceptTransfer checks if the user has the rights to accept/decline a repo transfer.
 // For user, it checks if it's himself
 // For organizations, it checks if the user is able to create repos
-func (r *RepoTransfer) CanUserAcceptOrRejectTransfer(ctx context.Context, u *user_model.User) bool {
+func (r *RepoTransfer) CanUserAcceptTransfer(ctx context.Context, u *user_model.User) bool {
 	if err := r.LoadAttributes(ctx); err != nil {
 		log.Error("LoadAttributes: %v", err)
 		return false
@@ -139,6 +157,32 @@ func (r *RepoTransfer) CanUserAcceptOrRejectTransfer(ctx context.Context, u *use
 	return allowed
 }
 
+func (r *RepoTransfer) CanUserCancelTransfer(ctx context.Context, u *user_model.User) bool {
+	if r.DoerID == u.ID { // sender can cancel the transfer
+		return true
+	}
+	if err := r.Repo.LoadOwner(ctx); err != nil {
+		log.Error("LoadOwner: %v", err)
+		return false
+	}
+	if !r.Repo.Owner.IsOrganization() {
+		if u.ID == r.Repo.OwnerID { // owner can cancel the transfer
+			return true
+		}
+	} else {
+		allowed, err := organization.CanCreateOrgRepo(ctx, r.Repo.OwnerID, u.ID)
+		if err != nil {
+			log.Error("CanCreateOrgRepo: %v", err)
+			return false
+		}
+		if allowed {
+			return true
+		}
+	}
+
+	return r.CanUserAcceptTransfer(ctx, u) // the user who can accept the transfer can also reject it
+}
+
 type PendingRepositoryTransferOptions struct {
 	RepoID      int64
 	SenderID    int64

routers/api/v1/repo/transfer.go

@@ -15,6 +15,7 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/convert"
@@ -162,11 +163,15 @@ func AcceptTransfer(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	err := repo_service.AcceptTransferOwnership(ctx, ctx.Repo.Repository, ctx.Doer)
-	if ctx.Written() {
-		return
-	}
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "acceptOrRejectRepoTransfer", err)
+		switch {
+		case repo_model.IsErrNoPendingTransfer(err):
+			ctx.Error(http.StatusNotFound, "AcceptTransferOwnership", err)
+		case errors.Is(err, util.ErrPermissionDenied):
+			ctx.Error(http.StatusForbidden, "AcceptTransferOwnership", err)
+		default:
+			ctx.Error(http.StatusInternalServerError, "AcceptTransferOwnership", err)
+		}
 		return
 	}
 
@@ -199,9 +204,16 @@ func RejectTransfer(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	err := repo_service.RejectRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer)
+	err := repo_service.CancelRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "acceptOrRejectRepoTransfer", err)
+		switch {
+		case repo_model.IsErrNoPendingTransfer(err):
+			ctx.Error(http.StatusNotFound, "CancelRepositoryTransfer", err)
+		case errors.Is(err, util.ErrPermissionDenied):
+			ctx.Error(http.StatusForbidden, "CancelRepositoryTransfer", err)
+		default:
+			ctx.Error(http.StatusInternalServerError, "CancelRepositoryTransfer", err)
+		}
 		return
 	}
 

routers/web/repo/repo.go

@@ -328,7 +328,7 @@ func Action(ctx *context.Context) {
 		}
 		ctx.Redirect(ctx.Repo.Repository.Link())
 	case "reject_transfer":
-		err = repo_service.RejectRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer)
+		err = repo_service.CancelRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer)
 		if err == nil {
 			ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected"))
 		}

routers/web/repo/setting/setting.go

@@ -821,7 +821,6 @@ func SettingsPost(ctx *context.Context) {
 			} else {
 				ctx.ServerError("GetPendingRepositoryTransfer", err)
 			}
-
 			return
 		}
 
@@ -830,7 +829,7 @@ func SettingsPost(ctx *context.Context) {
 			return
 		}
 
-		if err := repo_service.RejectRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer); err != nil {
+		if err := repo_service.CancelRepositoryTransfer(ctx, ctx.Repo.Repository, ctx.Doer); err != nil {
 			ctx.ServerError("CancelRepositoryTransfer", err)
 			return
 		}

services/context/repo.go

@@ -719,7 +719,7 @@ func RepoAssignment(ctx *Context) {
 
 		ctx.Data["RepoTransfer"] = repoTransfer
 		if ctx.Doer != nil {
-			ctx.Data["CanUserAcceptTransfer"] = repoTransfer.CanUserAcceptOrRejectTransfer(ctx, ctx.Doer)
+			ctx.Data["CanUserAcceptTransfer"] = repoTransfer.CanUserAcceptTransfer(ctx, ctx.Doer)
 		}
 	}
 

services/repository/transfer.go

@@ -48,7 +48,7 @@ func AcceptTransferOwnership(ctx context.Context, repo *repo_model.Repository, d
 			return err
 		}
 
-		if !repoTransfer.CanUserAcceptOrRejectTransfer(ctx, doer) {
+		if !repoTransfer.CanUserAcceptTransfer(ctx, doer) {
 			return util.ErrPermissionDenied
 		}
 
@@ -452,9 +452,10 @@ func StartRepositoryTransfer(ctx context.Context, doer, newOwner *user_model.Use
 	return nil
 }
 
-// RejectRepositoryTransfer marks the repository as ready and remove pending transfer entry,
+// CancelRepositoryTransfer marks the repository as ready and remove pending transfer entry,
 // thus cancel the transfer process.
-func RejectRepositoryTransfer(ctx context.Context, repo *repo_model.Repository, doer *user_model.User) error {
+// Both the sender and the accepter can cancel the transfer.
+func CancelRepositoryTransfer(ctx context.Context, repo *repo_model.Repository, doer *user_model.User) error {
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		repoTransfer, err := repo_model.GetPendingRepositoryTransfer(ctx, repo)
 		if err != nil {
@@ -465,7 +466,7 @@ func RejectRepositoryTransfer(ctx context.Context, repo *repo_model.Repository,
 			return err
 		}
 
-		if !repoTransfer.CanUserAcceptOrRejectTransfer(ctx, doer) {
+		if !repoTransfer.CanUserCancelTransfer(ctx, doer) {
 			return util.ErrPermissionDenied
 		}
 

services/repository/transfer_test.go

@@ -93,7 +93,7 @@ func TestRepositoryTransfer(t *testing.T) {
 	assert.NotNil(t, transfer)
 
 	// Cancel transfer
-	assert.NoError(t, RejectRepositoryTransfer(db.DefaultContext, repo, doer))
+	assert.NoError(t, CancelRepositoryTransfer(db.DefaultContext, repo, doer))
 
 	transfer, err = repo_model.GetPendingRepositoryTransfer(db.DefaultContext, repo)
 	assert.Error(t, err)
@@ -122,6 +122,6 @@ func TestRepositoryTransfer(t *testing.T) {
 	assert.Error(t, err)
 
 	// Cancel transfer
-	err = RejectRepositoryTransfer(db.DefaultContext, repo2, doer)
+	err = CancelRepositoryTransfer(db.DefaultContext, repo2, doer)
 	assert.True(t, repo_model.IsErrNoPendingTransfer(err))
 }

services/user/block.go

@@ -207,7 +207,7 @@ func cancelRepositoryTransfers(ctx context.Context, doer, sender, recipient *use
 			return err
 		}
 
-		if err := repo_service.RejectRepositoryTransfer(ctx, repo, doer); err != nil {
+		if err := repo_service.CancelRepositoryTransfer(ctx, repo, doer); err != nil {
 			return err
 		}
 	}